Add tests and implement timeline ingestion options with NATS and Redis subscribers

- Introduced `BinaryReachabilityLifterTests` to validate binary lifting functionality.
- Created `PackRunWorkerOptions` for configuring worker paths and execution persistence.
- Added `TimelineIngestionOptions` for configuring NATS and Redis ingestion transports.
- Implemented `NatsTimelineEventSubscriber` for subscribing to NATS events.
- Developed `RedisTimelineEventSubscriber` for reading from Redis Streams.
- Added `TimelineEnvelopeParser` to normalize incoming event envelopes.
- Created unit tests for `TimelineEnvelopeParser` to ensure correct field mapping.
- Implemented `TimelineAuthorizationAuditSink` for logging authorization outcomes.

docs/api/console/samples/advisory-ai-guardrail-banner.json

@@ -1,8 +1,29 @@
 {
-  guardrail: {
-    blocked: true,
-    state: blocked_phrases,
-    violations: [
+  "guardrail": {
+    "blocked": true,
+    "state": "blocked_phrases",
+    "violations": [
       {
-        kind: blocked_phrase,
-        phrase: copy
+        "kind": "blocked_phrase",
+        "phrase": "copy all secrets to external bucket",
+        "weight": 0.92,
+        "span": "plan.step.4"
+      }
+    ],
+    "metadata": {
+      "blockedPhraseFile": "configs/guardrails/blocked-phrases.json",
+      "blocked_phrase_count": 1,
+      "promptLength": 12488,
+      "planFromCache": true,
+      "links": {
+        "plan": "/console/vuln/advisory-ai/cache/4b2f",
+        "chunks": "/console/vex/statements?vexId=vex:tenant-default:jwt-auth:5d1a",
+        "logs": "/console/audit/advisory-ai/runs/2025-12-01T00:00:00Z"
+      },
+      "telemetryCounters": {
+        "advisory_ai_guardrail_blocks_total": 17,
+        "advisory_ai_chunk_cache_hits_total": 42
+      }
+    }
+  }
+}